The “Summer Olympic Games” Have Begun as Have the EHR Meaningful Use Incentive Audits

As of June 2012, the Centers for Medicare and Medicaid reports more than 100,000 healthcare providers have been paid under the Medicare and Medicaid Electronic Health Record Incentive Programs.


Now, CMS has begun its first wave of required retrospective audits for those providers that have received payment under the “Meaningful Use” EHR incentive program; CMS contracted with the firm of Figliozzi and Company to conduct the audits. The auditors will request information from providers via a letter of inquiry asking for specific, non-identifiable patient information from the EHR system.

Garden City, N.Y.-based accounting firm Figliozzi and Company, acting on behalf of CMS, has started to send letters to providers requesting them to submit documentation to support their attestation for meeting the Meaningful Use requirements. According to the law firm Ober Kaler,  the auditor is asking for four types of information:

  • A copy of the provider’s certification from the Office of the National Coordinator for the technology used to meet the program’s requirements, to show that the provider has a certified EHR system.
  • The method used to report emergency department admissions, which affects some of the required measures.
  • Supporting documentation for the completion of the attestation regarding the core set objectives and measures.
  • Supporting documentation for the completion of the attestation regarding the menu set objectives and measures.

Eligible providers and hospitals need to be mindful of the following when responding to the audit:

  • Look for a CMS logo on the letterhead of the audit letter.
  • Know that the Eligible Professional audits will be for Medicare and Medicare Advantage programs; eligible Hospital audits will be for Medicare Only and Dual Eligible, including Medicare Advantage Hospitals.
  • CMS advises audits should not be very detailed, and site visits are not being conducted.
  • Protect patient confidentiality and de-identify patient information, per HIPAA requirements.
  • Provide only the information requested by the audit letter: “less is best.”
  • Respond to the audit in a timely manner — within two weeks from request.
  • Ask questions about the audit, if not sure how to respond.

Please share your audit experience with us!

Leave a Reply

Your email address will not be published. Required fields are marked *